正在显示
1 个修改的文件
包含
23 行增加
和
5 行删除
| @@ -29,11 +29,15 @@ class WXBizDataCrypt | @@ -29,11 +29,15 @@ class WXBizDataCrypt | ||
| 29 | */ | 29 | */ |
| 30 | public function decryptData( $encryptedData, $iv, &$data ) | 30 | public function decryptData( $encryptedData, $iv, &$data ) |
| 31 | { | 31 | { |
| 32 | - | 32 | + if (strlen($this->sessionKey) != 24) { |
| 33 | + return ErrorCode::$IllegalAesKey; | ||
| 34 | + } | ||
| 33 | $aesKey=base64_decode($this->sessionKey); | 35 | $aesKey=base64_decode($this->sessionKey); |
| 34 | 36 | ||
| 35 | 37 | ||
| 36 | - | 38 | + if (strlen($iv) != 24) { |
| 39 | + return ErrorCode::$IllegalIv; | ||
| 40 | + } | ||
| 37 | $aesIV=base64_decode($iv); | 41 | $aesIV=base64_decode($iv); |
| 38 | 42 | ||
| 39 | $aesCipher=base64_decode($encryptedData); | 43 | $aesCipher=base64_decode($encryptedData); |
| @@ -41,10 +45,24 @@ class WXBizDataCrypt | @@ -41,10 +45,24 @@ class WXBizDataCrypt | ||
| 41 | $result=openssl_decrypt( $aesCipher, "AES-128-CBC", $aesKey, 1, $aesIV); | 45 | $result=openssl_decrypt( $aesCipher, "AES-128-CBC", $aesKey, 1, $aesIV); |
| 42 | 46 | ||
| 43 | $dataObj=json_decode( $result ); | 47 | $dataObj=json_decode( $result ); |
| 44 | - | ||
| 45 | - | 48 | + if( $dataObj == NULL ) |
| 49 | + { | ||
| 50 | + return ErrorCode::$IllegalBuffer; | ||
| 51 | + } | ||
| 52 | + if( $dataObj->watermark->appid != $this->appid ) | ||
| 53 | + { | ||
| 54 | + return ErrorCode::$IllegalBuffer; | ||
| 55 | + } | ||
| 46 | $data = $result; | 56 | $data = $result; |
| 47 | - | 57 | + return ErrorCode::$OK; |
| 48 | } | 58 | } |
| 49 | 59 | ||
| 60 | +} | ||
| 61 | +class ErrorCode | ||
| 62 | +{ | ||
| 63 | + public static $OK = 0; | ||
| 64 | + public static $IllegalAesKey = -41001; | ||
| 65 | + public static $IllegalIv = -41002; | ||
| 66 | + public static $IllegalBuffer = -41003; | ||
| 67 | + public static $DecodeBase64Error = -41004; | ||
| 50 | } | 68 | } |
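Review bot: The two length guards at new lines 32 and 38 measure the base64 text rather than the decoded bytes, so a 24-character value containing characters outside the base64 alphabet still passes, and non-strict `base64_decode()` silently drops those characters, handing `openssl_decrypt` a key or IV shorter than 16 bytes. Decode strictly and check the result instead, e.g. `$aesIV = base64_decode($iv, true);` followed by `if ($aesIV === false || strlen($aesIV) !== 16) { return ErrorCode::$IllegalIv; }`, and do the same for the session key; `ErrorCode::$DecodeBase64Error` is defined but never returned in the visible hunks. The watermark test at new line 52 reads `$dataObj->watermark->appid` without confirming the decoded JSON is an object carrying that field, and compares with loose `!=`; `if (!isset($dataObj->watermark->appid) || $dataObj->watermark->appid !== $this->appid)` fails closed without warnings and avoids type juggling, assuming `$this->appid` is stored as a string. AES-CBC carries no integrity tag, so in the visible code that appid comparison is the only check on the decrypted plaintext beyond JSON parsing, which is why it should be strict.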